Miva Merchant, the company behind the popular shopping cart with the same name ("Miva Merchant") released the following statement on July 12, 2010. The original statement can also be accessed online at http://extranet.mivamerchant.com/forums/showthread.php?p=359939

Miva Merchant 5.5 PA-DSS Update

IMPORTANT AND CRITICAL UPDATE FOR ALL 5.5 STOREOWNERS

Dear Miva Merchant Customer,

As many of you already know, July 1, 2010 was the mandatory deadline for all Payment Applications to become PA-DSS Validated. This requirement impacts all payment gateway providers, swipe terminals, and shopping cart vendors like Miva Merchant.

PA-DSS Validation is different from PCI-DSS Compliance. Both are implemented and governed by the PCI Security Council, but in order to maintain your PCI-DSS Compliance as a merchant, you must be running PA-DSS Validated (and properly configured) software.

Miva Merchant recently completed its PA-DSS Audit and have received its Attestation of Validation (AOV) from its Qualified Security Assessor (QSA) and has submitted this to the PCI Security Council for listing on their website as a PA-DSS Validated Application.

Although the validation is now complete, it will take approximately 6 more weeks in order to be listed on their website. In the meantime, should your merchant provider need proof of validation, you should be able to use our AOV (Attestation of Validation) to satisfy the requirement. http://www.mivamerchant.com/html_email/pa-dss/PA-DSS_AOV.pdf

Sharing is good. If you have a comment about this entry, please feel free to share. The comments might be reviewed by our staff, and may require approval before being posted. Questions posted will not be answered. Please submit a Ticket for support requests.